[英]Are there any Clang Static Analyzer checkers for sqlite issues?
The Clang Static Analyzer used by Xcode uses checkers to identify warnings and errors in source code. Xcode使用的Clang静态分析器使用检查器来识别源代码中的警告和错误。 I'd like to use a checker to detect when sqlite is used with sqlite3_prepare_v2
being called without calling sqlite3_finalize
. 我想用一个检查时,SQLite是与用于检测sqlite3_prepare_v2
被称为不调用sqlite3_finalize
。
Here is a list of existing checkers. 以下是现有检查程序的列表。
http://clang-analyzer.llvm.org/available_checks.html http://clang-analyzer.llvm.org/available_checks.html
And here is a list of potential checkers. 这是潜在检查者的列表。
http://clang-analyzer.llvm.org/potential_checkers.html http://clang-analyzer.llvm.org/potential_checkers.html
Are there any checkers out there specific to sqlite which could address this issue? 是否有特定于sqlite的检查程序可以解决此问题? Is there another way to automatically detect missing/unbalanced calls? 还有另一种自动检测丢失/不平衡呼叫的方法吗?
Unfortunately No way. 不幸的是没有办法。
Only you can do is, make sure you have written the sqlite3_finalize
inside the sqlite3_prepare
block instead of writing outside. 只有您能做的是,确保已在sqlite3_prepare
块内编写了sqlite3_finalize
而不是在外部编写。 This will handle sqlite3_prepare
failure issues. 这将处理sqlite3_prepare
失败问题。
if(sqlite3_prepare(dbfile,query,-1,&statement,0)==SQLITE_OK)
{
int res=sqlite3_step(statement);
result=res;
sqlite3_finalize(statement);
}
If you are wtitten sqlite3_finalize
outside the sqlite3_prepare
block, it will cause issues while sqlite3_prepare
statement fails. 如果您wtitten sqlite3_finalize
外sqlite3_prepare
块,它会同时导致问题sqlite3_prepare
语句失败。
Please look at this example: Accessing a SQLite Database with C++ 请看下面的例子: 用C ++访问SQLite数据库
有一个Clang静态分析器,您可以在https://github.com/XSecurity/XSecurity中找到它
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.